Please use this identifier to cite or link to this item:
https://hdl.handle.net/20.500.11851/6233Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Haltas, Fatih | - |
| dc.contributor.author | Uzun, Erkam | - |
| dc.contributor.author | Siseci, Necati | - |
| dc.contributor.author | Posul, Abdulkadir | - |
| dc.contributor.author | Emre, Bakır | - |
| dc.date.accessioned | 2021-09-11T15:35:24Z | - |
| dc.date.available | 2021-09-11T15:35:24Z | - |
| dc.date.issued | 2014 | en_US |
| dc.identifier.citation | 6th International Conference on Cyber Conflict (CyCon) -- JUN 03-06, 2014 -- Tallinn, ESTONIA | en_US |
| dc.identifier.isbn | 978-9949-9544-0-7 | - |
| dc.identifier.issn | 2325-5366 | - |
| dc.identifier.uri | https://hdl.handle.net/20.500.11851/6233 | - |
| dc.description.abstract | One of the purposes of active cyber defense systems is identifying infected machines in enterprise networks that are presumably root cause and main agent of various cyber-attacks. To achieve this, researchers have suggested many detection systems that rely on host-monitoring techniques and require deep packet inspection or which are trained by malware samples by applying machine learning and clustering techniques. To our knowledge, most approaches are either lack of being deployed easily to real enterprise networks, because of practicability of their training system which is supposed to be trained by malware samples or dependent to host-based or deep packet inspection analysis which requires a big amount of storage capacity for an enterprise. Beside this, honeypot systems are mostly used to collect malware samples for analysis purposes and identify coining attacks. Rather than keeping experimental results of hot detection techniques as theory and using honeypots for only analysis purposes, in this paper, we present a novel automated hot-infected machine detection system BFH (BotFinder through Honeypots), based on BotFinder, that identifies infected hosts in a real enterprise network by learning approach. Our solution, relies on NetFlow data, is capable of detecting hots which are infected by most-recent malwares whose samples are caught via 97 different honeypot systems. We train BFH by created models, according to malware samples, provided and updated by 97 honeypot systems. BFH system automatically sends caught malwares to classification unit to construct family groups. Later, samples are automatically given to training unit for modeling and perform detection over Net Flow data. Results are double checked by using full packet capture of a month and through tools that identify rogue domains. Our results show that BFH is able to detect infected hosts with very few false-positive rates and successful on handling most-recent malware families since it is fed by 97 Honey pot and it supports large networks with scalability of Hadoop infrastructure, as deployed in a large-scale enterprise network in Turkey. | en_US |
| dc.description.sponsorship | IEEE, NATO Cooperat Cyber Def Ctr Excellence, Microsoft, Verint, Intel, Cisco, Lancope, Ixia, IBM | en_US |
| dc.description.sponsorship | Scientific and Technological Research Council of Turkey (TUBITAK)Turkiye Bilimsel ve Teknolojik Arastirma Kurumu (TUBITAK) | en_US |
| dc.description.sponsorship | This work was an extension of European Union SysSec project and it is funded by The Scientific and Technological Research Council of Turkey (TUBITAK). | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | IEEE | en_US |
| dc.relation.ispartof | 2014 6Th International Conference On Cyber Conflict (Cycon 2014) | en_US |
| dc.rights | info:eu-repo/semantics/closedAccess | en_US |
| dc.subject | Botnet | en_US |
| dc.subject | honeypots NetFlow analysis | en_US |
| dc.subject | machine learning | en_US |
| dc.title | An Automated Bot Detection System through Honeypots for Large-Scale | en_US |
| dc.type | Conference Object | en_US |
| dc.relation.ispartofseries | International Conference on Cyber Conflict | en_US |
| dc.department | Faculties, Faculty of Engineering, Department of Computer Engineering | en_US |
| dc.department | Fakülteler, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümü | tr_TR |
| dc.identifier.startpage | 255 | en_US |
| dc.identifier.endpage | + | en_US |
| dc.authorid | 0000-0001-5185-7723 | - |
| dc.identifier.wos | WOS:000349046200017 | en_US |
| dc.identifier.scopus | 2-s2.0-84907921227 | en_US |
| dc.institutionauthor | Uzun, Erkam | - |
| dc.relation.publicationcategory | Konferans Öğesi - Uluslararası - Kurum Öğretim Elemanı | en_US |
| dc.relation.conference | 6th International Conference on Cyber Conflict (CyCon) | en_US |
| dc.identifier.scopusquality | - | - |
| item.cerifentitytype | Publications | - |
| item.languageiso639-1 | en | - |
| item.openairecristype | http://purl.org/coar/resource_type/c_18cf | - |
| item.openairetype | Conference Object | - |
| item.fulltext | No Fulltext | - |
| item.grantfulltext | none | - |
| Appears in Collections: | Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection | |
CORE Recommender
WEB OF SCIENCETM
Citations
6
checked on Apr 13, 2024
Page view(s)
8
checked on Apr 15, 2024
Google ScholarTM
Check
Altmetric
Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.